(Daily Point) – Passwords, a critical component of safeguarding personal information, often fall short in personalisation, leaving them vulnerable to easy exploitation. NordPass, a company dedicated to password generation and security, has unveiled its annual compilation of commonly used passwords, exposing a lack of creativity among users.
NordPass compiled the list in collaboration with independent researchers, who analysed 4.3 terabytes of publicly available data from 35 countries and eight platforms; NordPass ensured the exclusion of compromised personal information. The study revealed a prevalence of simple numerical sequences among frequently used passwords.
Topping the list is the unimaginative “123456,” encountered over 4.5 million times and crackable in less than a second. Similarly susceptible is “admin,” used over 4 million times. Other common choices include numerical strings like “1234,” “12345678,” and the slightly longer “123456789,” which remain widely used and vulnerable.
Even seemingly complex variations like “P@ssw0rd” prove insufficient: it occurred 135,424 times and can be cracked in less than a second. Common words like “password” and the misspelled “UKNOWN” also offer minimal resistance, taking less than a second and 17 minutes to crack, respectively.
The list extends to series of letters, such as “qwertyuiop,” counted 79,434 times and crackable in less than a second despite the illusion of complexity.
NordPass further breaks down password data by country, revealing predictable choices dominating the U.S. list. Surprisingly, the 16th most common password is “sh**bird,” encountered 4,230 times and taking five minutes to crack.
The report underscores platform-specific influences on password choices, with e-commerce sites like Amazon featuring predictable passwords like “amazon,” and streaming sites exhibiting notably insecure choices, including “netflix.”
Despite technological advancements, NordPass emphasises the ongoing threat of malware attacks. Recommendations include crafting robust passwords with a minimum of 20 characters, using a mix of upper and lower case letters, avoiding easily guessable information, and employing distinct passwords across various platforms.